cvs commit: src/sys/kern subr_bus.c subr_rman.c vfs_subr.c src/sys/net if_mib.c src/sys/netinet ip_divert.c raw_ip.c udp_usrreq.c

M. Warner Losh imp at bsdimp.com
Thu May 5 22:54:37 PDT 2005


In message: <20050505.232214.96921001.imp at bsdimp.com>
            "M. Warner Losh" <imp at bsdimp.com> writes:
: : >   If we are going to
: : >   1. Copy a NULL-terminated string into a fixed-length buffer, and
: : >   2. copyout that buffer to userland,
: : >   we really ought to
: : >   0. Zero the entire buffer
: : >   first.
: : >   
: : >   Security: FreeBSD-SA-05:08.kmem
: : 
: : /me notes this is a good reason to use strncpy instead of strlcpy.
: 
: Don't you mean the opposite?

Actually, in at least one of these cases that were fixed should be
fixed by allocating the structure M_ZERO because it is a little too
large for the stack anyway.

Warner


More information about the cvs-all mailing list